Cisco Security Report Highlights Enterprise Weak Links

Do you know what your weak links are? That question was used by Cisco this week to highlight the theme of the company's recently released Cisco 2014 Midyear Security Report.

The report, which was released this week at the annual Black Hat U.S. conference in Las Vegas, covered some of the major holes enterprises have had to grapple with in the first half of this year.

"Weak links can take many forms: outdated software, poorly written code, an abandoned website, developer errors, a user who blindly trusts," read the report. "Adversaries are committed to finding these weak links, one and all, and using them to their full advantage."

Major Weak Links
After studying 16 multinational organizations for the first six months of the year, three major weak leak trends were discovered that are leaving enterprises vulnerable to malicious online traffic.

The first is a significant increase for man-in-the-browser (MiTB) attacks. Found in infamous malware family that includes Palevo, Zeus and SpyEye, MiTB attacks use botnets spread through instant messaging programs, removable drives and peer-to-peer networks to steal information and pull off DDoS actions. According to the report, 93.75 percent of all networks studied had traffic going to Web sites that hosted malware connected to the three families mentioned above.

The second weak link area Cisco is sounding the warning alarm about is the increased numbers of studied networks issuing DNS queries for Dynamic DNS Domains. "Nearly70 percent (66.67 percent) of customer network sample queries observed in 2014 as part of this 'Inside Out' project have been identified as issuing DNS queries for DDNS," read the report. While Cisco points out that this doesn't mean that every case seen was due to malware, an increase in DDNS traffic means that IT would be wise to keep an eye out on which requests are coming from nefarious source and which requests are legitimate.

Finally, enterprises should be on guard in an increase of malware that are using encrypted communication channels to hide its activities. Cisco witnessed 43.75 percent of customer networks receiving DNS requests from unknown sites asking for connections based off of IPsec VPN, SSL VPN, SSH, SFTP, FTP, and FTPS protocols. If connected, it may be near impossible to figure out exactly which data had been transmitted and where it's headed.

Silver Lining
The news isn't all bad for the first half of 2014. Cisco's report found a significant decrease in exploit kit activity, down 87 percent. The sharp downturn can be attributed to the high-profile takedown of the creators and operators of the widely used Blackhole kit. This created a vacuum in the exploit kit scene that no other substitute has been able to fill.

"When Paunch and Blackhole were put out of commission by the authorities, adversaries turned their attention to new exploit kits," read the report. "There were many contenders in the first half of 2014 vying for the top spot, according to Cisco security researchers; however, a clear leader has yet to emerge."

And what reads to be a mixed bag of good and bad news, the trend of decreasing spam volume has come to an end in 2014, up 210 percent at the end of May compared to the beginning of January, and have reached 200 billion messages per month. While worldwide spam is up, the first half of the year did see major declines in spam numbers in some countries, including the United States, Russia and China.

Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol in supported Windows systems to implement some configuration changes manually.